
The European Commission has presented a new Action Plan aimed at strengthening the European Union’s cybersecurity capabilities in response to the rapid development of advanced artificial intelligence (AI). The initiative seeks to address the growing cybersecurity risks associated with increasingly capable AI models while supporting their responsible use to improve cyber resilience across Europe.
As AI technologies continue to evolve, they offer significant opportunities to strengthen cybersecurity by identifying vulnerabilities, detecting threats and accelerating incident response. At the same time, these technologies can also be exploited by malicious actors to automate cyberattacks, identify security weaknesses and increase the scale and speed of cyber incidents.
Building on the EU’s existing legal framework for AI and cybersecurity, the Action Plan brings together Member States, industry and EU institutions to establish a coordinated approach to managing these emerging risks.
Evaluating advanced AI models
A key element of the Action Plan is the evaluation of advanced AI models before they are placed on the European market.
Under the AI Act, providers of advanced AI systems are required to assess potential risks and implement appropriate mitigation measures. To strengthen these assessments, the European Commission plans to establish a dedicated EU evaluation capacity focused on cybersecurity. Expected to become operational in 2027, this capability will support the AI Office by providing independent assessments of AI models‘ capabilities and associated risks.
The initiative is also intended to strengthen European expertise in evaluating advanced AI technologies and contribute to the global understanding of AI-related cybersecurity risks.
Improving access to AI for cybersecurity
The Commission also recognises that public authorities and organisations working in cybersecurity require appropriate access to advanced AI systems.
To support this objective, the Commission will collaborate with the European Union Agency for Cybersecurity (ENISA) to develop a European blueprint outlining transparent and structured conditions for accessing advanced AI capabilities. The guidance is expected to assist both public and private organisations in using AI technologies to enhance cybersecurity while ensuring appropriate safeguards.
Creating a secure testing environment
Another proposal focuses on enabling organisations to test AI applications safely before deploying them in operational environments.
ENISA and the Commission’s Joint Research Centre will establish a secure testing platform where AI solutions can be evaluated using simulated cyber environments. The platform is intended to help organisations understand how AI performs under realistic conditions while minimising operational risks.
The testing environment will primarily support operators in critical sectors, including finance, energy, healthcare, transport and public administration, where cybersecurity incidents can have significant economic and societal consequences.
Strengthening cyber resilience
Beyond evaluating AI systems, the Action Plan encourages organisations to reinforce existing cybersecurity practices.
The Commission highlights the importance of maintaining strong cyber hygiene, implementing effective risk management processes and applying security-by-design principles, in line with existing EU cybersecurity legislation.
Organisations are also encouraged to make greater use of available AI tools, including open-source models, to identify software vulnerabilities more quickly, improve threat detection and strengthen incident response capabilities.
To support this transition, ENISA will facilitate cooperation between public authorities, businesses and open-source software communities. Planned activities include publishing guidance, sharing best practices and launching initiatives to improve the security of critical open-source software used throughout Europe’s digital ecosystem.
Supporting European AI innovation
The Action Plan also includes measures designed to strengthen Europe’s own AI capabilities.
The Commission plans to launch the EU Grand Challenge on AI for Cybersecurity, a competition aimed at bringing together companies, researchers and public organisations to develop innovative AI-based cybersecurity solutions.
In parallel, the EU intends to continue investing in sovereign AI infrastructure through initiatives such as AI Factories and future Gigafactories. The Commission also points to the proposed European Tech equity capacity, announced as part of the Tech Sovereignty Package, as a mechanism to attract private investment and support the growth of European AI technologies.
Existing legal framework
The Action Plan complements the EU’s broader regulatory framework governing AI and cybersecurity.
The AI Act establishes obligations for providers of advanced AI models to assess and mitigate potential risks, while the General-Purpose AI Code of Practice provides additional guidance to facilitate compliance. These provisions are scheduled to become enforceable from 2 August 2026.
The initiative also builds upon other key pieces of EU legislation, including the Cyber Resilience Act, which introduces security-by-design requirements for hardware and software products from the end of 2027; the NIS2 Directive, which strengthens cybersecurity requirements for critical sectors; the Digital Operational Resilience Act (DORA), which focuses on the financial sector; and the Cyber Solidarity Act, which enhances the EU’s capacity to detect, prepare for and respond to significant cyber threats.
Together, these measures reflect the EU’s broader objective of ensuring that advances in artificial intelligence contribute to a more secure and resilient digital environment while addressing the new cybersecurity challenges posed by rapidly evolving AI technologies.
References
European Commission . (07, July 2026). Commission presents EU Action Plan on Cybersecurity and Artificial Intelligence. Retrieved from European Commission – Press Corner : https://ec.europa.eu/commission/presscorner/detail/en/ip_26_1544
Photo:
https://tse3.mm.bing.net/th/id/OIP.Kr3a8zQ_kNKg09V0McWhrwHaEK?r=0&rs=1&pid=ImgDetMain&o=7&rm=3



